SD-WAN security: Finding the automated migration comfort zone

Without question, software-defined wide area networks (SD-WANs) now represent a key part of an overall cloud service delivery transformation equation. But as with any transformation of this magnitude, success hinges on seamless execution on both a technical and business level.

In order to understand the associated SD-WAN security business drivers and technical requirements, Heavy Reading launched the SD-WAN Security Market Leadership Study (MLS) with collaboration partners Amdocs, Fortinet, Lavelle Networks and Nuage Networks in the fourth quarter of 2019. The survey attracted 90 qualified global respondents and documented SD-WAN security service use cases, implementation timelines, cloud service integration opportunities, the role of automation and policy as well as current and future technical requirements.

Measuring migration comfort level
Over the past few years, communications service providers (CSPs) have faced an unprecedented cadence of technological change encompassing cloud service migration, multi-access edge computing (MEC) and the rollout of 5G networks. Since SD-WAN has rapidly established itself as the access technology for all these technologies, it is apparent that it will need to continue evolving.

The key question is how well SD-WAN security services already deployed or soon to be deployed will be able to manage these technology-driven transitions. Overall, as shown in Figure 1, most respondents (39% to 51%) believe that they will face a "complex but manageable migration." A smaller but still significant group (16% to 25%) expects a "seamless software migration" path to support new technologies.

In contrast, only 15% to 23% expect a "very complex migration," with the 5G Next-Generation Core (NGC) implementation representing the technology of greatest concern. This range of "very complex migration" concerns should not be taken lightly. However, given the percentage of "seamless migration" and "complex but manageable migration" survey respondents, Heavy Reading believes most CSPs are comfortable that their SD-WAN security services can evolve to meet future networking technology requirements.

Evolving SD-WAN security services

Question: How difficult will it be for your current commercial SD-WAN security services implementation to evolve to support the following advanced networking capabilities? (N=89)
(Source: Heavy Reading)

Assessing the impact of automation
Although not explicitly stated in any new technology development plan, there is an implicit assumption that any advanced technology will also be able to support some level of automation integration as it evolves to meet future service demands.

In this context, SD-WAN is no different, so a key focus of the SD-WAN Security MLS project was to assess the impact of automation on SD-WAN. Specifically, Heavy Reading sought to determine which SD-WAN functions would be most positively affected by the implementation of automated security policies and provisioning processes. As shown in Figure 2, based on "extremely positive impact" and "positive impact" response levels, the entire standard list of SD-WAN security functions is relevant. Of these, based on the top three "extremely positive impact" responses, the most important areas are vFirewall (33%), intrusion prevention (29%) and distributed denial-of-service (DDoS) mitigation (27%).

However, it is important to note that capabilities such as application control, web filtering and packet filtering are behind by only a few points (24% to 26%), emphasizing their overall strong value proposition. Given the range of positive responses, it is clear that CSPs believe automation in an SD-WAN security context will be valuable on many levels. SD-WAN will likely continue to be a vital service delivery platform as we evolve into the automated world of the future.

Impact of automated security policies and provisioning

Question: What impact will the implementation of automated security policies and provisioning processes have on the performance of the following SD-WAN security services? (N=89)
(Source: Heavy Reading)

Are mobile operators central to the private mobile network opportunity? Or, with new enterprise spectrum allocations, are they destined to be usurped by vendors, systems integrators and enterprises themselves?